Message-ID: <2024022804-askew-stung-cba8@gregkh>
Date: Wed, 28 Feb 2024 07:06:38 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Dominique Martinet <asmadeus@...ewreck.org>
Cc: stable@...r.kernel.org, patches@...ts.linux.dev,
	linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org, linux@...ck-us.net, shuah@...nel.org,
	patches@...nelci.org, lkft-triage@...ts.linaro.org, pavel@...x.de,
	jonathanh@...dia.com, f.fainelli@...il.com,
	sudipm.mukherjee@...il.com, srw@...dewatkins.net, rwarsow@....de,
	conor@...nel.org, allen.lkml@...il.com
Subject: Re: [PATCH 5.10 000/122] 5.10.211-rc1 review

On Wed, Feb 28, 2024 at 08:59:36AM +0900, Dominique Martinet wrote:
> Greg Kroah-Hartman wrote on Tue, Feb 27, 2024 at 02:26:01PM +0100:
> > Kees Cook <keescook@...omium.org>
> >     net: dev: Convert sa_data to flexible array in struct sockaddr
> > (ca13c2b1e9e4b5d982c2f1e75f28b1586e5c0f7f in this tree,
> > b5f0de6df6dce8d641ef58ef7012f3304dffb9a1 upstream)
> 
> This commit breaks build of some 3rd party wireless module we use here
> (because sizeof(sa->sa_data) no longer works and needs to use
> sa_data_min)
> With that said I guess it really is a dependency on the arp_req_get
> overflow, so probably necessary evil, and I don't think we explicitly
> pretend to preserve APIs for 3rd party modules so this is probably
> fine... The new warnings that popped up (and were reported in other
> messages) are probably worth checking though.

We NEVER preserve in-kernel APIs for any out-of-tree code as obviously,
we have no idea what out-of-tree code is actually using, so it would be
impossible to do so.

Also, it's odd that a driver is hit by this as no in-kernel driver was,
so perhaps it's using the wrong api to start with :)

thanks,

greg k-h
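
The build break discussed in this thread, shown as an added example (not code from the thread, the kernel tree, or the module in question): a userspace model of struct sockaddr after sa_data became a flexible array, with a bounds check written against sa_data_min. The names sockaddr_model, sa_data_empty, model_set_hwaddr and model_sa_data_min_len are hypothetical, and the layout is an assumption modelled on the upstream commit named above.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model of the layout after the change; constructed for
 * illustration, not the kernel header. The empty struct gives the
 * flexible array a named sibling, which GNU C requires inside a union. */
struct sockaddr_model {
    unsigned short sa_family;
    union {
        char sa_data_min[14];          /* keeps the struct at its old size */
        struct {
            struct { } sa_data_empty;
            char sa_data[];            /* true flexible array: no sizeof */
        };
    };
};

/* Hypothetical helper for a ported module: copy a hardware address into
 * the fixed part. Before the change the bound would have been written
 * sizeof(sa->sa_data), which no longer compiles because a flexible array
 * is an incomplete type. Returns 0 on success, -1 if addr does not fit. */
int model_set_hwaddr(struct sockaddr_model *sa, unsigned short family,
                     const unsigned char *addr, size_t len)
{
    if (len > sizeof(sa->sa_data_min))
        return -1;
    sa->sa_family = family;
    memset(sa->sa_data_min, 0, sizeof(sa->sa_data_min));
    memcpy(sa->sa_data_min, addr, len);
    return 0;
}

/* Size of the fixed part, for callers that sized buffers from sa_data. */
size_t model_sa_data_min_len(void)
{
    return sizeof(((struct sockaddr_model *)0)->sa_data_min);
}
```

Both members start at the same offset, so code that only indexes sa_data keeps working; only sizeof-based bounds need to move to sa_data_min.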
